| author | Alejandro Colomar <alx@kernel.org> | 2024-05-29 20:03:45 +0200 |
|---|---|---|
| committer | Alejandro Colomar <alx@kernel.org> | 2024-05-31 01:47:29 +0200 |
| commit | 960603dbcc8dac4c4d7acb4aa0ec3457afd0415d (patch) | |
| tree | 4d5bacb795b7f74432765073a2996b6289ceb72b | |
| parent | 7bf365268357df64aced4ed87be2a3b5f42ba8aa (diff) | |
| download | man-pages-960603dbcc8dac4c4d7acb4aa0ec3457afd0415d.tar.gz | |
prctl.2, PR_SET_NO_NEW_PRIVS.2const: Split PR_SET_NO_NEW_PRIVS from prctl(2)
Signed-off-by: Alejandro Colomar <alx@kernel.org>
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | man/man2/prctl.2 | 62 |
| -rw-r--r-- | man/man2const/PR_SET_NO_NEW_PRIVS.2const | 86 |

2 files changed, 92 insertions, 56 deletions
diff --git a/man/man2/prctl.2 b/man/man2/prctl.2 index 9df0601cb8..3fa1f7bf8a 100644 --- a/man/man2/prctl.2 +++ b/man/man2/prctl.2 @@ -21,7 +21,7 @@ .\" 2012-04-25 Michael Kerrisk, Document PR_TASK_PERF_EVENTS_DISABLE and .\" PR_TASK_PERF_EVENTS_ENABLE .\" 2012-09-20 Kees Cook, update PR_SET_SECCOMP for mode 2 -.\" 2012-09-20 Kees Cook, document PR_SET_NO_NEW_PRIVS, PR_GET_NO_NEW_PRIVS +.\" 2012-09-20 Kees Cook, document PR_GET_NO_NEW_PRIVS .\" 2012-10-25 Michael Kerrisk, Document PR_SET_TIMERSLACK and .\" PR_GET_TIMERSLACK .\" 2013-01-10 Kees Cook, document PR_SET_PTRACER @@ -109,50 +109,8 @@ The first argument can be: .B PR_SET_NAME .TQ .B PR_GET_NAME -.\" prctl PR_SET_NO_NEW_PRIVS -.TP -.BR PR_SET_NO_NEW_PRIVS " (since Linux 3.5)" -Set the calling thread's -.I no_new_privs -attribute to the value in -.IR arg2 . -With -.I no_new_privs -set to 1, -.BR execve (2) -promises not to grant privileges to do anything -that could not have been done without the -.BR execve (2) -call (for example, -rendering the set-user-ID and set-group-ID mode bits, -and file capabilities non-functional). -Once set, the -.I no_new_privs -attribute cannot be unset. -The setting of this attribute is inherited by children created by -.BR fork (2) -and -.BR clone (2), -and preserved across -.BR execve (2). -.IP -Since Linux 4.10, -the value of a thread's -.I no_new_privs -attribute can be viewed via the -.I NoNewPrivs -field in the -.IR /proc/ pid /status -file. -.IP -For more information, see the kernel source file -.I Documentation/userspace\-api/no_new_privs.rst -.\" commit 40fde647ccb0ae8c11d256d271e24d385eed595b -(or -.I Documentation/prctl/no_new_privs.txt -before Linux 4.13). -See also -.BR seccomp (2). +.TQ +.B PR_SET_NO_NEW_PRIVS .\" prctl PR_GET_NO_NEW_PRIVS .TP .BR PR_GET_NO_NEW_PRIVS " (since Linux 3.5)" 
@@ -1297,9 +1255,8 @@ but the process does not have the .B CAP_SYS_ADMIN capability or has not set the .I no_new_privs -attribute (see the discussion of -.B PR_SET_NO_NEW_PRIVS -above). +attribute (see +.BR PR_SET_NO_NEW_PRIVS (2const)). .TP .B EFAULT .I arg2 @@ -1389,14 +1346,6 @@ is not .B EINVAL .I op is -.B PR_SET_NO_NEW_PRIVS -and -.I arg2 -is not equal to 1. -.TP -.B EINVAL -.I op -is .B PR_PAC_RESET_KEYS and the arguments are invalid or unsupported. See the description of @@ -1552,4 +1501,5 @@ glibc 2.0.6 .BR PR_MPX_DISABLE_MANAGEMENT (2const), .BR PR_SET_NAME (2const), .BR PR_GET_NAME (2const), +.BR PR_SET_NO_NEW_PRIVS (2const), .BR core (5) diff --git a/man/man2const/PR_SET_NO_NEW_PRIVS.2const b/man/man2const/PR_SET_NO_NEW_PRIVS.2const new file mode 100644 index 0000000000..cc3512593a --- /dev/null +++ b/man/man2const/PR_SET_NO_NEW_PRIVS.2const 
@@ -0,0 +1,86 @@ +.\" Copyright 2012, Kees Cook <keescook@chromium.org> +.\" Copyright 2012, 2013, 2015, Michael Kerrisk <mtk.manpages@gmail.com> +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.\" 2012-09-20 Kees Cook, document PR_SET_NO_NEW_PRIVS, PR_GET_NO_NEW_PRIVS +.\" +.TH PR_SET_NO_NEW_PRIVS 2const (date) "Linux man-pages (unreleased)" +.SH NAME +PR_SET_NO_NEW_PRIVS +\- +set the calling thread's no_new_privs attribute +.SH LIBRARY +Standard C library +.RI ( libc ", " \-lc ) +.SH SYNOPSIS +.nf +.B #include <sys/prctl.h> +.P +.BI "int prctl(int " op ", ...);" +.fi +.SH DESCRIPTION +.TP +.BR PR_SET_NO_NEW_PRIVS " (since Linux 3.5)" +Set the calling thread's +.I no_new_privs +attribute to the value in +.IR arg2 . +With +.I no_new_privs +set to 1, +.BR execve (2) +promises not to grant privileges to do anything +that could not have been done without the +.BR execve (2) +call (for example, +rendering the set-user-ID and set-group-ID mode bits, +and file capabilities non-functional). +Once set, the +.I no_new_privs +attribute cannot be unset. +The setting of this attribute is inherited by children created by +.BR fork (2) +and +.BR clone (2), +and preserved across +.BR execve (2). +.IP +Since Linux 4.10, +the value of a thread's +.I no_new_privs +attribute can be viewed via the +.I NoNewPrivs +field in the +.IR /proc/ pid /status +file. +.IP +For more information, see the kernel source file +.I Documentation/userspace\-api/no_new_privs.rst +.\" commit 40fde647ccb0ae8c11d256d271e24d385eed595b +(or +.I Documentation/prctl/no_new_privs.txt +before Linux 4.13). +See also +.BR seccomp (2). +.SH RETURN VALUE +On success, +0 is returned. +On error, \-1 is returned, and +.I errno +is set to indicate the error. +.SH ERRORS +.TP +.B EINVAL +.I op +is +.B PR_SET_NO_NEW_PRIVS +and +.I arg2 +is not equal to 1. +.SH STANDARDS +Linux. +.SH HISTORY +.SH SEE ALSO +.BR prctl (2), +.BR PR_GET_NO_NEW_PRIVS (2const) |
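Review bot: the changelog comment copied into the new PR_SET_NO_NEW_PRIVS.2const header (`.\" 2012-09-20 Kees Cook, document PR_SET_NO_NEW_PRIVS, PR_GET_NO_NEW_PRIVS`) still names both constants, while the first hunk of prctl.2 trims its copy of the same line to `document PR_GET_NO_NEW_PRIVS` because PR_SET_NO_NEW_PRIVS moved out. The new page documents only PR_SET_NO_NEW_PRIVS, so its copy should be trimmed the same way (`.\" 2012-09-20 Kees Cook, document PR_SET_NO_NEW_PRIVS`) so the two headers stay consistent with what each file covers.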
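Review bot: in the new file, the SYNOPSIS shows only the generic `int prctl(int op, ...);`, yet the DESCRIPTION says "Set the calling thread's no_new_privs attribute to the value in arg2" and ERRORS says EINVAL is returned when "arg2 is not equal to 1", so `arg2` is referred to without ever being declared and the text implies a choice of values that the ERRORS section rules out. Since 1 is the only accepted value, the SYNOPSIS could show the concrete call form (for example `.BI "int prctl(" PR_SET_NO_NEW_PRIVS ", 1L);"`) and the DESCRIPTION could state that `arg2` must be 1; with the page dedicated to this one operation, the `op is PR_SET_NO_NEW_PRIVS and` qualifier in the EINVAL entry is also redundant. Separately, `.SH HISTORY` is left empty while the version information sits in the DESCRIPTION tag (`PR_SET_NO_NEW_PRIVS " (since Linux 3.5)"`); moving "Linux 3.5." under HISTORY would match the layout the split pages use.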
